This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.

One of the weakest links in security systems is end user credentials. They are often abused by their legitimate owners, and stolen by malicious actors. The 2014 Verizon Data Breach Investigations Report revealed that 88% of insider breaches involve abuse of privileges, and 82% of security attacks involve stolen user credentials.

An external attacker might use a stolen set of credentials to make the initial infiltration of a network, to make lateral movements inside the network to gain access to sensitive data or information, or to exfiltrate data to complete the breach. This type of activity is hard to detect because the credentials themselves are legitimate—they are just being used the wrong way.